ssh user@server -R server:port1:localhost:port2
This way ssh will forward requests to server:port1 to localhost:port2, but anyone can connect to server:port1.
So I'm wondering of there's something that can do this but at the same time supports authentication?
You can easily do this using another ssh tunnel from your local machine.
First, you have to block external connections to port1 of your server using iptables:
iptables -A INPUT -p tcp --dport port1 -i eth0 -j DROP
where eth0 is your WAN port.
Then create direct tunnel at port1 of your server from local port 5000 and this very step requires authentication
ssh -L user@server 5000:localhost:port1
Now you can connect to 5000 port of your local machine as if you connect to server:port1.
